Professional Experience
04.2020 - present
Principal IT Security Consultant
RM Information Security, Manchester, United Kingdom
---=== Details Soon ===---
12.2014 - 03.2020
Senior Penetration Tester (VP)
Barclays, Knutsford, United Kingdom
- Penetration Testing and Vulnerability Assessments for numerous internal and 3rd party clients including:
  - infrastructure testing
  - web application assessments
  - mobile security testing
  - cloud system assessments
  - web services testing
  - VPN and remote access assessments

- Security assessments of various systems/products including:
  - Trading Platforms
  - Payments
  - Single Sign-On
  - Building Management Systems
  - Building Access Systems
  - Database Change Control
  - Active Directory
  - Network Access Control
  - Scheduling/Workload Automation

- Reverse Engineering of Thick Clients and Android/iOS Mobile applications including cracking weak encryption mechanisms, local authentication and extracting sensitive information
- Firewall, router and switch configuration reviews
- MS SQL and Oracle database configuration reviews
- Operating System build and hardening reviews
- Architecture and design security reviews
- Developing the ButterFly 2.0 Security Project: an updated educational environment intended to give an insight into common web application vulnerabilities, based on a payment system written in C#/ASP.NET, MVC, HTML5 and CSS3
- Acting as mentor to other team members
02.2006 - 11.2014
Senior IT Security Consultant
Pentest Limited, Manchester, United Kingdom
- A large number of Penetration Tests and Vulnerability Assessments for numerous customers including:
  - web application testing
  - network security assessment
  - web services testing
  - wireless network testing
  - mobile application testing
  - cloud system assessment
  - mobile device management solution assessment
  - social engineering
  - VPN and remote access assessment

- Architecture and design security reviews
- Firewall, router and switch configuration reviews
- Acting as mentor to other team members
- The author of the ButterFly Security Project, an educational environment intended to give an insight into common web application vulnerabilities. The project is based on applications written in:
  - PHP
  - ASP.NET
  - J2EE/Struts
  - Adobe ColdFusion

- Preparing and delivering web application security training in the UK, Ireland and Germany
- Developing tools for penetration testing
- Reverse engineering and exploit development
- Operating System build and hardening reviews
10.2004 - 01.2006
IT Security Specialist/Security Officer
National Bank of Poland, Warsaw, Poland
- Penetration Testing activities (devising methodologies, penetration test execution, authoring reports; member of European Central Bank (ECB) Penetration Test Team)
- Local coordinator of TARGET (pan-European payment system) risk analysis
- Control and assessment of the bank's systems security
- Evaluation of security measures in IT projects
- Hardening of systems security
- Cooperation with IT Department in order to create secure IT solutions
- Creating and administration of a testing environment (based on Linux Debian, FreeBSD, Microsoft Windows 2000/XP/2003 + AD2003)
- Development of the Central Log Server Project based on open-source software
12.2001 - 09.2004
Administrator/Internet programmer
Data Bank of Engineers, Warsaw, Poland
- Configuring and securing internal networks, servers/gateways and remote access systems
- Securing personal data processed by the company
- Project planning and implementation of Active Directory infrastructure
- Project planning and implementation of the 2-layer Public Key Infrastructure; creating a Single Sign-On solution, which provides application users with access to their accounts, secure email and internal web system (based on Apache and PHP) via Smartcard technology
- Design and automation of backup procedures within the company
- Creating the company internet website
- Creating complex internal website system to manage candidate data, job offers and company's documents; advanced statistics in textual and graphical form
- Creating CV Generator application in VB .NET
- Support of company customers and employees
- Troubleshooting of software and hardware problems
12.2000 - 11.2001
Internet programmer/Administrator
Safenet, Lublin, Poland
- dynamic website creation based on PHP and relational database MySQL
- FreeBSD 4.x server administration (including account management, quota management, virtual servers, firewall)
- technical support of company customers
Certificates and Exams
Titles:
| 02.2013 | Tiger Scheme Senior Tester (recertification) | 
| 01.2010 | Tiger Scheme Senior Tester | 
| 06.2005 | CompTIA Security+ | 
| 02.2005 | Microsoft Certified Systems Engineer (MCSE) on Windows 2003 | 
| 11.2004 | Microsoft Certified Systems Administrator (MCSA) on Windows 2003 | 
| 04.2004 | Microsoft Certified Systems Engineer (MCSE) on Windows 2000 | 
| 02.2004 | Cisco Certified Network Associate (CCNA) | 
| 08.2003 | Microsoft Certified Systems Administrator (MCSA) on Windows 2000 | 
| 07.2002 | Microsoft Certified Professional (MCP) | 
Exams:
| 02.2013 | Tiger Scheme Senior Tester (recertification) | 
| 01.2010 | Tiger Scheme Senior Tester | 
| 06.2005 | CompTIA SY0-101 Security+ | 
| 02.2005 | 70-296: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Environment for an MCSE | 
| 11.2004 | 70-292: Managing and Maintaining a Microsoft Windows Server 2003 Environment for an MCSA | 
| 04.2004 | 70-220: Designing Security for a Microsoft Windows 2000 Network | 
| 02.2004 | 640-801: Cisco Certified Network Associate (CCNA) | 
| 11.2003 | 70-217: Implementing and Administering a Microsoft Windows 2000 Directory | 
| 09.2003 | 70-216: Implementing and Administering a Microsoft Windows 2000 Network Infrastructure | 
| 06.2003 | 70-218: Managing a Windows 2000 Network Environment | 
| 02.2003 | 70-228: Installing, Configuring, and Administering Microsoft SQL Server 2000 Enterprise Ed. | 
| 08.2002 | 70-210: Installing, Configuring, and Administering Microsoft Windows 2000 Professional | 
| 08.2002 | 70-215: Installing, Configuring, and Administering Microsoft Windows 2000 Server | 
| 06.2000 | First Certificate in English (FCE) | 
Skills
- Knowledge of Penetration Test activities:
  - creating and following a methodology
  - white, grey and black box testing approaches
  - privilege escalation and pivoting techniques
  - ability to recognize false positives in penetration testing
  - ability to manually verify vulnerabilities and customize exploits and shellcode
  - using pentesting tools (including xprobe2, nmap, amap, nikto, Nessus, Burp Suite, Nexpose, Retina, ISS Internet Scanner, Spike, Metasploit, Canvas, Core Impact, NCC SQuirreL suite)

- Ability to test significantly complex systems, products and environments, consisting of multiple components (infrastructure, network, web, mobile UI) and using custom network communication protocols.
- Knowledge of web application vulnerabilities (for example: Blind and Time based SQL Injection, DOM Cross-Site Scripting, XML External Entity (XXE), Session Fixation, CRLF injection and many more)
- Knowledge of cryptography: public key and symmetric cryptography, signatures, message digests, MAC
- Reverse Engineering of Thick Clients and Android/iOS Mobile applications
- Knowledge of software vulnerabilities and attack techniques (including Stack, Heap, BSS-based buffer overflows, format string bugs, race conditions, symlink attacks)
- Knowledge of the following operating systems:
  - Linux: Debian, RedHat, Gentoo, Ubuntu
  - Windows Workstation and Server OS
  - Cisco IOS
  - FreeBSD
  - OpenBSD

- Knowledge of installation and configuration of the following services and functions of a network server:
  - Firewall (iptables, ipfw, ipf), NAT
  - Network Intrusion Detection System (NIDS): Snort + pgsql plugin + ACID console
  - WWW Server (Apache, IIS)
  - File Server (Samba, FTP)
  - Proxy Server (Squid)
  - Mail Server (Qmail, Postfix, Sendmail) + POP3 and IMAP servers
  - DNS (BIND)
  - Relational databases (MySQL, PostgreSQL, MS SQL)
  - Public Key Infrastructure (PKI)
  - Virtual Private Network (VPN), IPsec
  - Quality of Service (QoS): ipfw, CBQ, HTB, HFSC, IMQ
  - Chroot and jail of services and users

- Knowledge of the following programming languages:
  - PHP
  - J2EE/Struts
  - SQL/Stored Procedures
  - C# and Visual Basic .NET (ASP.NET)
  - C/C++ (network programming on UNIX systems, Visual Studio .NET)
  - HTML, XML, CSS, JavaScript

- Knowledge of many types of LAN and WAN networks, routing protocols and network switching
- Driving licence
- Knowledge of foreign languages:
  - Polish: native
  - English: fluent

Interests
- Photography - http://elessar.smugmug.com
- Freshwater aquarium
- Sport: F1 and motorcycle racing
- Playing the guitar, RPG games, simulators, Gran Turismo, Diablo, The Witcher
- Cinema and literature
